AMENDMENT TO THE CLAIMS 



1-36 (canceled) 

1 37. (new): A method for providing a capability to securely update information 

2 stored in a plurality of computer systems, wherein the method comprises: 

3 forming a protected partition within a hard drive of each of the computer 

4 systems 

5 storing, withjn nonvolatile storage of each computer system in the plurality 

6 of computer systems, a setup password, an operating system, and an 

7 initialization routine to execute within a processor of the computer system after 

8 power on of the computer system, wherein the initialization routine includes 

9 instructions causing the protected partition to be locked before the operating 

10 system is loaded, and wherein instructions causing information stored within the 

11 predetermined location to be written within the protected partition after 

12 predetermined security procedures using the setup password have occurred but 

1 3 before the protected partition is locked; 

14 establishing a network connecting each computer system in the plurality of 

1 5 computer systems with a server system; 

16 generating a file update partition within the server system; 

17 transmitting the a file update partition over the network to each computer 

18 system in the plurality of computer systems; and 

19 storing the a file update partition within the predetermined location of each 
20- computer system in the plurality of computer systems. 

1 38. (new): The method of claim 37, wherein the initialization routine includes 

2 instructions causing the processor of the computer system to perform a method 

3 including: 

4 comparing information stored in the update partition with information from 

5 the a file update partition stored within the predetermined location; 
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6 when a matching portion of the information stored in the protected 

7 partition is found match a portion of the information stored within the file update 

8 partition, ovenA/riting the matching portion with the portion of the information 

9 stored in the file update partition if space around the matching portion is 

10 sufficient; 

1 1 when a portion of the information stored in the protected partition is not 

12 found to match a portion of the information stored within the file update partition, 

13 writing the portion of the information stored within the file update partition to 

14 append to the information stored in the protected partition if space within the 

1 5 protected partition is sufficient; and 

16 locking the protected partition to prevent further modification of 

17 information stored within the protected partition. 

1 39. (new): The method of claim 38, wherein 

2 a flag bit is set in non-volatile storage within the computing system when 

3 the file update partition is stored at a predetermined location in non-volatile 

4 storage within the computing system, and 

5 determining whether the file update partition is stored within the 

6 computing system for updating the protected partition is performed by 

7 determining whether the flag bit is set. 

1 40. (new): The method of claim 38, wherein 

2 the method additionally comprises, after determining that the file update 

3 partition is stored within the computing system for updating the protected 

4 partition, verifying whether the update partition file has been generated by the 

5 server system, and 

6 the portion of the file update partition is written to the protected partition 

7 only following verification that the update partition file has been generated by 

8 the server system. 
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1 41. (new): The method of claim 40, wherein verification that the file update 

2 partition has been generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to a portion 

4 of the file update partition; 

5 forming a second message digest by decrypting a digital signature within 

6 the file update partition using a public key of the server system; and; 

7 determining that the first and second message digests are identical. 

1 42. (new): The method of claim 40, wherein 

2 the predetermined setup procedures include verifying that the file update 

3 partition has been generated by the server system includes signing an 

4 encrypted portion of the update partition file with a public key of the trusted 

5 server system, and 

6 the encrypted portion of the file update partition has been prepared by 

7 signing, with a private key of the server system, a result of the application of an 

8 algorithm to data including a version of the setup password 

9 accessed by the server system. 

1 43. (new): The method of claim 42, wherein 

2 the data includes the version of the setup password appended to a 

3 portion of the file update partition, 

4 said algorithm is a hash algorithm generating a message digest, and 

5 verifying that the update partition file has been generated by the server 

6 system includes applying the hash algorithm to the setup 

7 password stored within the computing system appended to a portion of the 

8 update partition file to generate a first version of a message digest and 

9 comparing the first version of the message digest with a second version of the 

10 message digest obtained by signing the encrypted portion of the update 

11 partition file. 
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1 44. (new): The method of claim 38, wherein 

2 the file update partition includes a plurality of entries and a plurality of 

3 encrypted elements, 

4 each entry within the plurality of entries includes information to be stored 

5 at a different location within the protected file partition, 

6 each encrypted element within the plurality of encrypted elements is 

7 associated with an entry in the plurality of entries. 

8 the method additionally comprises, following determining that the file 

9 update partition is stored within the computing system for updating the protected 

10 partition, verifying whether each entry in the plurality of entries within the file 

1 1 update partition has been generated by the server system, and 

12 each entry in the plurality of entries within the file update partition is 

13 written to the protected partition only following verification that the entry has 

14 been generated by the server system. 

1 45. (new): The method of claim 44, wherein verifying that the entry has been 

2 generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to the entry; 

4 forming a second message digest by signing the encrypted element 

5 associated with the entry using a public key of the server system; and; 

6 determining that the first and second message digests are identical. 

1 46. (new): The method of claim 44, wherein verifying that the entry has been 

2 generated by the server system includes signing the encrypted element 

3 associated with the entry with a public key of the server system, and the 

4 encrypted element of the file update partition has been prepared by signing, 

5 with the private key of the server system, a result of the application of an 

6 algorithm to data including a version of the setup password accessed by the 

7 server system. 
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1 47. (new): The method of claim 46, wherein 

2 the data includes the version of the setup password appended to a the 

3 entry, 

4 the algorithm is a hash algorithm generating a message digest, and 

5 verifying that the entry has been generated by the server system includes 

6 applying the hash algorithm to the setup password stored within the computing 

7 system appended the entry to generate a first version of a message digest and 

8 comparing the first version of the message digest with 

9 a second version of the message digest obtained by signing the encrypted 
10 element.' 

1 48. (original): The method of claim 44, wherein 

2 information stored in the file update partition is compared to each entry in 

3 the plurality of entries within the update partition, 

4 when a portion of the information stored in the protected partition is found 

5 to match the entry, the portion of the information stored in the protected partition 

6 is overwritten with the entry if space around the matching portion is sufficient, 

7 and 

8 when a portion of the information stored in the protected partition is not 

9 found to match the entry, the entry is appended to the information stored in the 
10 protected partition if space within the protected partition is sufficient. 

1 49. (new): The method of claim 38, wherein 

2 the method additionally comprises receiving an input signal from a 

3 keyboard of the computing system and comparing the input signal with a signal 

4 corresponding to a setup password stored in non-volatile storage within the 

5 computing system, and 

6 the protected partition is left unlocked if the input signal matches the 

7 signal corresponding to the setup password. 
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1 50. (new): An interconnected system for providing updated information in a 

2 secure manner, wherein the interconnected system comprises: 

3 a network; 

4 a server system connected to the network and programmed to generate 

5 an update partition file and to transmit the update partition file over the network; 

6 and 

7 a computer system connected to the network, wherein the computer 

8 system includes a processor, non-volatile data storage including a hard drive 

9 having a protected partition, wherein the processor is programmed to receive the 

1 0 update partition file from the network and to store the update partition information 

11 in a predetermined location within the nonvolatile storage outside the protected 

12 partition, and wherein the nonvolatile data storage stores an operating system 

13 and an initialization routine, executing within the processor after power on of the 

14 computer system, including instructions causing the protected partition to be 

15 locked before the operating system is loaded, and instructions causing 

16 information stored within the predetermined location to be written within the 

17 protected partition after predetermined security procedures have occurred but 

18 before the protected partition is locked. 

1 51. (new): The method of claim 50, wherein the initialization routine includes 

2 instructions causing the processor of the computer system to perform a method 

3 including: 

4 comparing information stored in the update partition with information from 

5 the a file update partition stored within the predetermined location; 

6 when a matching portion of the information stored in the protected 

7 partition is found match a portion of the information stored within the update 

8 partition file, overwriting the matching portion with the portion of the information 

9 stored in the protected partition if space around the matching portion is 

10 sufficient; 



09/841,503 



1 1 when a portion of the information stored in the protected partition is not 

12 found to match a portion of the information stored within the update partition file, 

1 3 writing the portion of the information stored within the update partition file to 

14 append to the infomnation stored in the protected partition if space within the 

1 5 protected partition is sufficient; and 

16 locking the protected partition to prevent further modification of 

17 information stored within the protected partition. 

1 52. (new): The method of claim 51 , wherein 

2 a flag bit is set in non-volatile storage within the computing system when 

3 the file update partition is stored at a predetermined location in non-volatile 

4 storage within the computing system, and 

5 detemriining whether the file update partition is stored within the 

6 computing system for updating the protected partition is performed by 

7 detennining whether the flag bit Is set. 

1 53. (new): The method of claim 51 , wherein 

2 the method additionally comprises, after determining that the update 

3 partition file is stored within the computing system for updating the protected 

4 partition, verifying whether the update partition file has been generated by a 

5 trusted server system, and 

6 the portion of the update partition is written to the protected partition 

7 only following verification that the update partition file has been generated by 

8 the server system. 

1 54. (new): The method of claim 53, wherein verification that the update 

2 partition file has been generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to a portion 

4 of the update partition file; 

5 forming a second message digest by decrypting a digital signature within 
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6 the update partition file using a public key of the server system; and; 

7 determining that the first and second message digests are identical. 

1 55. (new): The method of claim 53, wherein 

2 the predetermined setup procedures include verifying that the update 

3 partition file has been generated by the server system includes signing an 

4 encrypted portion of the update partition file with a public key of the trusted 

5 server system, and 

6 the encrypted portion of the update partition file has been prepared by 

7 signing, with a private key of the server system, a result of the application of an 

8 algorithm to data including a version of the setup password 

9 accessed by the server system. 

1 56. (new): The method of claim 55, wherein 

2 the data includes the version of the setup password appended to a 

3 portion of the update partition file, 

4 the algorithm is a hash algorithm generating a message digest, and 

5 verifying that the update partition file has been generated by the server 

6 system includes applying the hash algorithm to the setup 

7 password stored within the computing system appended to a portion of the 

8 update partition file to generate a first version of a message digest and 

9 comparing the first version of the message digest with a second version of the 

1 0 message digest obtained by signing the encrypted portion of the update 

1 1 partition file. 

1 57. (new): The method of claim 51, wherein 

2 the file update partition includes a plurality of entries and a plurality of 

3 encrypted elements, 

4 each entry within the plurality of entries includes information to be stored 

5 at a different location within the protected file partition. 
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6 each encrypted element within the plurality of encrypted elements is 

7 associated with an entry in the plurality of entries. 

8 the method additionally comprises, following determining that the file 

9 update partition is stored within the computing system for updating the protected 

10 partition, verifying whether each entry in the plurality of entries within the file 

1 1 update partition has been generated by the server system, and 

12 each entry in the plurality of entries within the file update partition is 

1 3 written to the protected partition only following verification that the entry has 

14 been generated by the server system. 

1 58. (new): The method of claim 57, wherein verifying that the entry has been 

2 generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to the entry; 

4 forming a second message digest by signing the encrypted element 

5 associated with the entry using a public key of the server system; and; 

6 determining that the first and second message digests are identical. 

1 59. (new): The method of claim 57, wherein verifying that the entry has been 

2 generated by the server system includes signing the encrypted element 

3 associated with the entry with a public key of the server system, and the 

4 encrypted element of the file update partition has been prepared by signing, 

5 with the private key of the server system, a result of the application of an 

6 algorithm to data including a version of the setup password accessed by the 

7 server system. 

1 60. (new): The method of claim 59, wherein 

2 the data includes the version of the setup password appended to a the 

3 entry, 

4 said algorithm is a hash algorithm generating a message digest, and 
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5 verifying that the entry has been generated by the server system includes 

6 applying the hash algorithm to the setup password stored within the computing 

7 system appended the entry to generate a first version of a message digest and 

8 comparing the first version of the message digest with 

9 a second version of the message digest obtained by signing the encrypted 
,10 element. 

1 61 . (new): The method of claim 57, wherein 

2 information stored in the file update partition is compared to each entry in 

3 the plurality of entries within the update partition, 

4 when a portion of the information stored in the protected partition is found 

5 to match the entry, the portion of the information stored in the protected partition 

6 is ovenwritten with the entry if space around the matching portion is sufficient, 

7 and 

8 when a portion of the information stored in the protected partition is not 

9 found to match the entry, the entry is appended to the information stored in the 
10 protected partition if space within the protected partition is sufficient. 

1 62. (new): The method of claim 51, wherein 

2 the method additionally comprises receiving an input signal from a 

3 keyboard of the computing system and comparing the input signal with a signal 

4 corresponding to a setup password stored in non-volatile storage within the 

5 computing system, and 

6 the protected partition is left unlocked if the input signal matches the 

7 signal corresponding to the setup password. 
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